package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

import com.example.demo.util.Md5PasswordEncode;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class MySecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		
		http.formLogin().loginPage("http://localhost/login/login.jsp").usernameParameter("u")
		.passwordParameter("p")
		.defaultSuccessUrl("http://www.baidu.com").loginProcessingUrl("/login")
 			//.successHandler(myAuthenticationSuccessHandler)                                 // 认证成功回调 一般不设置
 	    //  .failureHandler(myAuthenticationFailureHandler)									// 认证失败的回调 
 			.and().authorizeRequests()
 	//      .antMatchers("/logout").permitAll()  
 			.antMatchers("/img/**").permitAll()  
 			.antMatchers("/js/**").permitAll()  
 			.antMatchers("/css/**").permitAll()  
 			.antMatchers("/bootstrap/**").permitAll()  
 			.antMatchers("/fonts/**").permitAll()  
 			.antMatchers("/favicon.ico").permitAll()
 			.antMatchers("/logview").permitAll()
 			.antMatchers("/two/login").permitAll()
 			.antMatchers("/login.jsp").permitAll()
 			.anyRequest().authenticated()
 			.and().csrf().disable();
		
	}
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new Md5PasswordEncode();
		
	}
}
